CHANGES revision 529af8a31650f917519f3980fe85538770bf427e
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes -*- coding: utf-8 -*-
bb2b38cd44b032118359afbc743efbea12f48e61bnicholesChanges with Apache 2.5.0
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_ajp: Fix handling of the default port (8009) in the
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes ProxyPass and <Proxy> configurations. PR 57259. [Yann Ylavic].
3f24ae54ba5a63d93c5b71ea2264c0dddbf688c0bnicholes *) mod_ssl: Fix renegotiation failures redirected to an ErrorDocument.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes PR 57334. [Yann Ylavic].
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes PR 57328. [Armin Abfalterer <a.abfalterer gmail.com>, Yann Ylavic].
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_ajp: Fix client connection errors handling and logged status
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes when it occurs. PR 56823. [Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) ap_expr: Add filemod function for checking file modification dates
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Daniel Gruno]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: Add CGIPassAuth directive to control whether HTTP authorization
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes headers are passed to scripts as CGI variables. PR 56855. [Jeff
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_rewrite: Improve relative substitutions in per-directory/htaccess
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes context for directories found by mod_userdir and mod_alias. These no
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes loner require RewriteBase to be specified. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ssl: Fix recognition of OCSP stapling responses that are encoded
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes improperly or too large. [Jeff Trawick]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes error when parsing or forwarding the response fails. [Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes r1608202. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes PR 57167 [Edward Lu <Chaosed0 gmail.com>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes determine whether it is a normal close or a real error. PR 57168. [Yann
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_wstunnel: abort backend connection on polling error to avoid
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes further processing. [Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_buffer: Forward flushed input data immediatly and avoid (unlikely)
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes access to freed memory. [Yann Ylavic, Christophe Jaillet]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy: Use the correct server name for SNI in case the backend
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes SSL connection itself is established via a proxy server.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes PR 57139 [Szabolcs Gyurko <szabolcs gyurko.org>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ssl: Do not crash when looking up SSL related variables during
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: Ensure that httpd exits with an error status when the MPM fails
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to run. [Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) apreq: Content-Length header should be always interpreted as a decimal.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Leading 0 could be erroneously considered as an octal value. PR 56598.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Chris Card <ctcard hotmail com>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy: Now allow for 191 character worker names, with non-fatal
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes errors if name is truncated. PR53218. [Jim Jagielski]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ssl: Add optional function "ssl_get_tls_cb" to allow support
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes for channel bindings. [Simo Sorce <simo redhat.com>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_wstunnel: Concurrent websockets messages could be
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes lost or delayed with ProxyWebsocketAsync enabled.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Edward Lu <Chaosed0 gmail.com>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core, mod_info: Add compiled and loaded PCRE versions to version
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes number display. [Rainer Jung]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes internationalization. [William Rowe]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mpm_winnt: Normalize the error and status messages emitted by service.c,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes the service control interface for Windows. [William Rowe]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes is run, instead of waiting until the end of the request. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ldap: Be more conservative with the last-used time for
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes LDAPConnectionPoolTTL. PR54587 [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_deflate: Don't fail when flushing inflated data to the user-agent
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes and that coincides with the end of stream ("Zlib error flushing inflate
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy: Don't limit the size of the connectable Unix Domain Socket
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes paths. [Christophe Jaillet, Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ssl: dump SSL IO/state for the write side of the connection(s),
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes like reads (level TRACE4). [Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy: Shutdown (eg. close notify) the backend connection before
3f24ae54ba5a63d93c5b71ea2264c0dddbf688c0bnicholes closing. [Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes expires. PR54998. [Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes PR54998. [Tim Kosse <tim.kosse filezilla-project.org>, Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_log_config: Add GlobalLog to allow a globally defined log to
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes be inherited by virtual hosts that define a CustomLog.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Edward Lu <Chaosed0 gmail.com>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Jeff Trawick, Jim Jagielski]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_html: support automatic detection of doctype and processing
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_html: skip documents shorter than 4 bytes
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes PR 56286 [Micha Lenk <micha lenk info>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un'
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes when passed to 'connect()'.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Graham Dumpleton <grahamd apache org>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to resume. PR56333
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Artem <artemciy gmail.com>, Edward Lu <Chaosed0 gmail.com>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes processing mode. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes unnecessary apr_pstrdup() and strlen(). [Graham Leggett]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) Add the ldap-search option to mod_authnz_ldap, allowing authorization
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to be based on arbitrary expressions that do not include the username.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Graham Leggett]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) Add the ldap function to the expression API, allowing LDAP filters and
3f24ae54ba5a63d93c5b71ea2264c0dddbf688c0bnicholes distinguished names based on expressions to be escaped correctly to
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes guard against LDAP injection. [Graham Leggett]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) Add module mod_ssl_ct, which provides an implementation of Certificate
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Transparency (RFC 6962) for httpd. [Jeff Trawick]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy: Preserve original request headers even if they differ
3f24ae54ba5a63d93c5b71ea2264c0dddbf688c0bnicholes from the ones to be forwarded to the backend. PR 45387.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Yann Ylavic]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_remoteip: Prevent an external proxy from presenting an internal
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes proxy. PR 55962. [Mike Rumph]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ssl: Add hooks to allow other modules to perform processing at
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes several stages of initialization and connection handling. See
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes websockets connection as it is being close down. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_wstunnel: Allow the administrator to cap the amount
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes of time a synchronous websockets connection stays idle with
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes ProxyWebsocketIdleTimeout. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_wstunnel: Stop leaking websockets backend connections under
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes event MPM (trunk-only). [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy_http: Add detach_backend hook (potentially usable
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes in other proxy scheme handlers). [Jeff Trawick]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_deflate: Add DeflateAlterETag to control how the ETag
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes is modified. The 'NoChange' parameter mimics 2.2.x behavior.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes PR 45023, PR 39727. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes allow spaces in backreferences to be encoded as %20 instead of '+'.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_rewrite: Support an optional list of characters to escape in the
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes argument for the 'B' (escape backreferences) flag. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_dir: Default to 2.2-like behavior and skip execution when method is
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_rewrite: Rename the handler that does per-directory internal
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes redirects to "rewrite-redirect-handler" from "redirect-handler" so
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes it is less ambiguous and less likely to be reused. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes default limit of 10000 iterations, and allowing each rule to change its
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes limit. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Jeff Trawick]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Jan Kaluza]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to support write completion. [Graham Leggett]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to allow providers to check the ErrorLog argument. [Jan Kaluza]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_cgid: Use the servers Timeout for each read from a CGI script,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes allow override with new CGIDRequestTimeout directive. PR43494
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: ensure any abnormal exit is reported to stderr if it's a tty.
3f24ae54ba5a63d93c5b71ea2264c0dddbf688c0bnicholes PR 55670 [Nick Kew]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_lua: Let the Inter-VM get/set functions work with a global
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes shared memory pool instead of a per-process pool. [Daniel Gruno]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) ldap: Support ldaps when using the Microsoft LDAP SDK.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes PR 54626. [Jean-Frederic Clere]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_proxy: Add ap_connection_reusable() for checking if a connection
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes is reusable as of this point in processing. [Jeff Trawick]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes to avoid performance problems when subgroups aren't in use. [Eric Covener]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_syslog: New module implementing syslog ap_error_log provider.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Previously, this code was part of core, now it's in separate module.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Jan Kaluza]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes syslog support from core to new mod_syslog. [Jan Kaluza]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_status, mod_echo: Fix the display of client addresses.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes They were truncated to 31 characters which is not enough for IPv6 addresses.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes PR 54848 [Bernhard Schmidt <berni birkenwald de>]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Jeff Trawick]
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes *) mod_unique_id: Use output of the PRNG rather than IP address and
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes pid, avoiding sleep() call and possible DNS issues at startup,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes plus improving randomness for IPv6-only hosts.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes [Jan Kaluza <jkaluza redhat.com>]
filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
*) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
HTML/XHTML [Nick Kew]
[Jan Kaluza <jkaluza redhat.com>]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
setuid/setgid capability bits rather than a setuid root binary.
[Matthew Steele <mdsteele google.com>]
passing through the server in such a way that connections and/or
Apache 2.4.xx tree as documented below, except as noted.]
Changes with Apache 2.4.x and later:
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: